At least a quarter of ransomware attacks against businesses or other organizations start with phishing attempts, which often dangle a malicious document laced with tainted macros, according to Brett Callow, a threat analyst at the antivirus company Emsisoft.
“We are always working to improve security,” said a Microsoft spokesperson in a statement. “Our products currently provide a warning to all customers that requires them to click before running macros from the internet. This new feature goes even further with an extra step to protect customers in everyday scenarios.” The company declined to say specifically why it took the step now and had not done it sooner.
By disabling macros specifically in files obtained from the internet, Microsoft appears to be attempting a diplomatic solution. Windows marks files you download with a metadata attribute known as “Mark of the Web” or “zone.identifier.” These help the system do things like warn you when you're about to run software from the internet that may not be trustworthy.
“As a red teamer, I think this is a great move,” says independent researcher Cedric Owens. “Office macro abuse has had a long tail, and since there is rarely a valid use for Office files using macros, especially in files obtained from the internet, I'm glad to see Microsoft make this change.”
Technology Technology Latest News, Technology Technology Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: PhoneArena - 🏆 322. / 59 Read more »